General
Target: 8f7b89ac3df5f91ba144a8dbe04d744967e87708be7f80c8badc7708160bd06e
Size: 115KB
Sample: 240909-aqrt9ssgkr
MD5: 5dd531f9477064411cf7c72617045f7d
SHA1: 52e3cc9c8b603bcfed5db6ebab09dd775f07c6aa
SHA256: 8f7b89ac3df5f91ba144a8dbe04d744967e87708be7f80c8badc7708160bd06e
SHA512: d596d06708410189ce2c862581604fe50acd85d767b3b9d1ad2b5bdeef939b5b5e301f7abc1e154db4474a04bc78ee20c609645ebaf0a3f5dd8b9fc0f1f80b15
SSDEEP: 1536:WWp5eznKUlIOp3YjVCguHEvQEbFqVC3woFRKpT4XEQhuxzuMmG:P5eznsjsguGDFqGZ2rB
Static task: static1
Behavioral task: behavioral1
Sample: 8f7b89ac3df5f91ba144a8dbe04d744967e87708be7f80c8badc7708160bd06e.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 8f7b89ac3df5f91ba144a8dbe04d744967e87708be7f80c8badc7708160bd06e.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: njrat
Version: 0.7d
Botnet: neuf
C2: doddyfire.linkpc.net:10000
Mutex: e1a87040f2026369a233f9ae76301b7b
reg_key: e1a87040f2026369a233f9ae76301b7b
splitter: |'|'|
Targets
Target: 8f7b89ac3df5f91ba144a8dbe04d744967e87708be7f80c8badc7708160bd06e
Signatures
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Event Triggered Execution (1): Netsh Helper DLL (1)
Defense Evasion
- Impair Defenses (1): Disable or Modify System Firewall (1)
- Modify Registry (1)